CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

Patchstack•added 2026/05/21 10:39 p.m.•3 views

NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret

NPM: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret vulnerability discovered by ? in WordPress Npm network-ai versions = 5.4.4...

5.8AI score

Exploits0References2Affected Software1

Patchstack•added 2026/05/21 9:20 p.m.•3 views

NPM: JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

NPM: JavaScript Cookie: Per-instance prototype hijack in assign enables cookie-attribute injection vulnerability discovered by ? in WordPress Npm js-cookie versions = 3.0.5...

5.8AI score

Exploits0References2Affected Software1

Patchstack•added 2026/05/18 5:44 p.m.•3 views

NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows

NPM: Budibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope Rows vulnerability discovered by ? in WordPress Npm budibase versions 3.38.1...

5.4CVSS5.8AI score0.00028EPSS

Exploits0References3Affected Software1

Patchstack•added 2026/05/18 5:40 p.m.•4 views

NPM: multiparty vulnerable to ReDoS via filename parsing

NPM: multiparty vulnerable to ReDoS via filename parsing vulnerability discovered by ? in WordPress Npm multiparty versions = 4.2.3...

7.5CVSS5.8AI score0.00055EPSS

Exploits0References6Affected Software1

Patchstack•added 2026/05/15 5:41 p.m.•4 views

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation

NPM: Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via prefix rotation vulnerability discovered by ? in WordPress Npm better-auth versions 1.4.17...

7.3CVSS5.8AI score0.0007EPSS

Exploits0References6Affected Software1

Patchstack•added 2026/05/14 6:27 p.m.•3 views

NPM: Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation

NPM: Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation vulnerability discovered by ? in WordPress Npm apostrophe versions = 4.29.0...

5.8AI score

Exploits0References2Affected Software1

Patchstack•added 2026/05/12 3:1 p.m.•7 views

NPM: protobuf.js: Denial of service through unbounded protobuf recursion

NPM: protobuf.js: Denial of service through unbounded protobuf recursion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...

7.5CVSS5.8AI score0.00058EPSS

Exploits0References5Affected Software1

Patchstack•added 2026/05/08 7:13 p.m.•4 views

NPM: fast-uri vulnerable to host confusion via percent-encoded authority delimiters

NPM: fast-uri vulnerable to host confusion via percent-encoded authority delimiters vulnerability discovered by ? in WordPress Npm fast-uri versions = 3.1.1...

7.5CVSS5.8AI score0.00011EPSS

Exploits0References4Affected Software1

Patchstack•added 2026/05/08 4:27 p.m.•3 views

NPM: fast-xml-builder Comment Value regex can be bypassed

NPM: fast-xml-builder Comment Value regex can be bypassed vulnerability discovered by ? in WordPress Npm fast-xml-builder versions 1.1.5...

6.1CVSS5.8AI score0.0001EPSS

Exploits0References4Affected Software1

Patchstack•added 2026/05/07 4:32 a.m.•5 views

NPM: vm2's Transformer Fast-Path Bypass Exposes Internal State Variable

NPM: vm2's Transformer Fast-Path Bypass Exposes Internal State Variable vulnerability discovered by ? in WordPress Npm vm2 versions = 3.10.5...

5.8CVSS5.8AI score0.00049EPSS

Exploits1References4Affected Software1